The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-05-09T16:50:37

Updated: 2024-08-02T23:40:04.488Z

Reserved: 2022-03-03T00:00:00

Link: CVE-2022-0836

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-05-09T17:15:08.460

Modified: 2024-11-21T06:39:29.723

Link: CVE-2022-0836

cve-icon Redhat

No data.